File name: Bat_To_Exe_Converter.exe

Full analysis: https://app.any.run/tasks/fbe81904-f3a9-4609-8c75-2310ed22db9c
Verdict: Malicious activity
Analysis date: October 29, 2024, 22:06:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 603F241C0CB4530ACE1F37F3E8D86D04
SHA1: 389B4135578245D0D938E883A5FD5B713DB57EB5
SHA256: D853C4B83A9C8180C16FD22C3D63A899B101B9E7B5D9328777F37484C8649402
SSDEEP: 98304:iOCRdofwizpemekWgQol9kbfRTOTt5f4Dr1TGGGTYeCXdPmBZRnVxXC4WswbRZQR:OH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Bat_To_Exe_Converter.exe (PID: 612)
      • Bat_To_Exe_Converter.exe (PID: 7004)
    • There is functionality for taking screenshot (YARA)

      • Bat_To_Exe_Converter.exe (PID: 612)
    • Executes application which crashes

      • Bat_To_Exe_Converter.exe (PID: 612)
      • Bat_To_Exe_Converter.exe (PID: 7004)
    • Starts CMD.EXE for commands execution

      • SomeEXE.exe (PID: 6232)
    • Executing commands from a ".bat" file

      • SomeEXE.exe (PID: 6232)
  • INFO

    • Create files in a temporary directory

      • Bat_To_Exe_Converter.exe (PID: 612)
    • Checks supported languages

      • Bat_To_Exe_Converter.exe (PID: 612)
    • Reads the computer name

      • Bat_To_Exe_Converter.exe (PID: 612)
    • UPX packer has been detected

      • Bat_To_Exe_Converter.exe (PID: 612)
    • Manual execution by a user

      • Bat_To_Exe_Converter.exe (PID: 7004)
      • Taskmgr.exe (PID: 6484)
      • SomeEXE.exe (PID: 6232)
      • Taskmgr.exe (PID: 948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.1)
.dll | Win32 Dynamic Link Library (generic) (15.5)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:02:01 20:50:01+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 2.5
CodeSize: 1781760
InitializedDataSize: 147456
UninitializedDataSize: 1523712
EntryPoint: 0x327340
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.0.8.0
ProductVersionNumber: 3.0.8.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Fatih Kodak
ProductName: Bat To Exe Converter
ProductVersion: 3.0.8
FileVersion: 3.0.8
FileDescription: Bat To Exe Converter
InternalName: Bat To Exe Converter
OriginalFileName: Bat To Exe Converter
Email: webmaster@f2ko.de
Website: http://www.f2ko.de
No data.
All screenshots are available in the full report
Total processes
150
Monitored processes
12
Malicious processes
0
Suspicious processes
0

Behavior graph

Processes shown in the graph (in order): bat_to_exe_converter.exe (THREAT), werfault.exe (no specs), werfault.exe (no specs), rundll32.exe (no specs), bat_to_exe_converter.exe, werfault.exe, werfault.exe, someexe.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), taskmgr.exe (no specs), taskmgr.exe

Process information

PID: 612
CMD: "C:\Users\admin\AppData\Local\Temp\Bat_To_Exe_Converter.exe"
Path: C:\Users\admin\AppData\Local\Temp\Bat_To_Exe_Converter.exe
Parent process: explorer.exe
User:
admin
Company:
Fatih Kodak
Integrity Level:
MEDIUM
Description:
Bat To Exe Converter
Exit code:
3221226525
Version:
3.0.8
Modules
Images
c:\users\admin\appdata\local\temp\bat_to_exe_converter.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 948
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 612 -s 1832
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: Bat_To_Exe_Converter.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 948
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
PID: 1396
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7004 -s 1832
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: Bat_To_Exe_Converter.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 1744
CMD: "C:\WINDOWS\sysnative\cmd" /c "C:\Users\admin\AppData\Local\Temp\98A5.tmp\98A6.tmp\98A7.bat C:\Users\admin\Desktop\SomeEXE.exe"
Path: C:\Windows\System32\cmd.exe
Parent process: SomeEXE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 2684
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 7004 -s 1532
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: Bat_To_Exe_Converter.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 3156
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 612 -s 1808
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: Bat_To_Exe_Converter.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 3700
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SomeEXE.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5284
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 6232
CMD: "C:\Users\admin\Desktop\SomeEXE.exe"
Path: C:\Users\admin\Desktop\SomeEXE.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\desktop\someexe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
16 238
Read events
16 234
Write events
3
Delete events
1

Modification events

Process: (612) Bat_To_Exe_Converter.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 96

Process: (7004) Bat_To_Exe_Converter.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: GlobalAssocChangedCounter
Value: 97

Process: (948) Taskmgr.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager
Operation: delete value
Name: Preferences
Value:

Process: (948) Taskmgr.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager
Operation: write
Name: Preferences
Value:
Executable files
8
Suspicious files
13
Text files
30
Unknown types
1

Dropped files

PID | Process | Filename | Type

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\files.ini | -
MD5:
SHA256:

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\GoRC.exe | executable
MD5: F69B0E5F35B5DAE1B11B950CFF157FB3
SHA256: ED010C50A7CEB43B9666E7FBCA13D8377D30B79203207BAD77004A890ADEEA17

948 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Bat_To_Exe_Conve_cafd10e3b0a5484842eaccecfeb781ea6711e5a5_9f73571f_dc78d216-ded0-4784-a502-6b49030f4262\Report.wer | -
MD5:
SHA256:

948 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\Bat_To_Exe_Converter.exe.612.dmp | -
MD5:
SHA256:

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\1619737058.bat | binary
MD5: 93B885ADFE0DA089CDF634904FD59F71
SHA256: 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\lng\简化中国 (Chinese Simplified).lng | text
MD5: 8AB06A4B804350D0A232E65B82E992E1
SHA256: 5A5FBE8998D1AA2C6CB7E16FA50861910C806AC3DF99E2026E8B577175B36133

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\extd.chm | binary
MD5: D4FC8C71A167383B2CEA62137B12F63D
SHA256: 2786F9B9CDF8A73396405CE59CB6D00FAD9D51E5136183999D14A5CB9F5D80FB

3156 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Bat_To_Exe_Conve_1c805f7e33a8fc19fe9887aa2db954b399bf4813_9f73571f_4090ba64-5146-4569-9baa-c008f3c63a2f\Report.wer | -
MD5:
SHA256:

3156 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\Bat_To_Exe_Converter.exe(1).612.dmp | -
MD5:
SHA256:

612 | Bat_To_Exe_Converter.exe | C:\Users\admin\AppData\Local\Temp\B445.tmp\GoLink.exe | executable
MD5: CAFC4EEC8A4F05B8DFEE4067FB5B9076
SHA256: 1FA554D18490CB5E56D624CD97069F42E63800688136C6CF3C521E4EF6E83E28
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
50
DNS requests
28
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
612 | Bat_To_Exe_Converter.exe | GET | 301 | 172.104.244.206:80 | http://www.f2ko.de/updates/b2e.php?u=2 | unknown | malicious
6944 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2076 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6544 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6544 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
4380 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
2936 | svchost.exe | GET | 304 | 2.18.161.41:80 | http://x1.c.lencr.org/ | unknown | whitelisted
7004 | Bat_To_Exe_Converter.exe | GET | 301 | 172.104.244.206:80 | http://www.f2ko.de/updates/b2e.php?u=2 | unknown | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
6944 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5640 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4360 | SearchApp.exe | 2.23.209.189:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4360 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
612 | Bat_To_Exe_Converter.exe | 172.104.244.206:80 | www.f2ko.de | Linode, LLC | DE | malicious
612 | Bat_To_Exe_Converter.exe | 172.104.244.206:443 | www.f2ko.de | Linode, LLC | DE | malicious
6944 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.23.209.189
  • 2.23.209.130
  • 2.23.209.176
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.140
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.149
  • 2.23.209.185
  • 2.23.209.148
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.184.206
whitelisted
www.f2ko.de
  • 172.104.244.206
malicious
crl.microsoft.com
  • 2.16.164.106
  • 2.16.164.9
  • 23.48.23.166
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 95.101.149.131
  • 23.52.120.96
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.136
  • 20.190.160.20
  • 20.190.160.22
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.134
  • 20.190.160.17
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.72
  • 40.126.32.138
whitelisted
th.bing.com
  • 2.23.209.179
  • 2.23.209.149
  • 2.23.209.185
  • 2.23.209.182
  • 2.23.209.140
  • 2.23.209.189
  • 2.23.209.176
  • 2.23.209.133
  • 2.23.209.148
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info